A contract addendum may be required if a data processor contract does not contain all of the required data protection contractual clauses which are stated in the GDPR. This will be required in order to remain compliant with the regulation. Where a compliant contract does not exist it is recommended that a contract addendum is agreed between all parties, to retrospectively add the required contractual obligations to the current contract.
It is recommended that you create a contract addendum specifying all of the data protection contractual clauses and issue this in full to the parties to the contract where there is any shortfall in the current contract. Any addendum should also include the purposes of the processing which will take place as well as the categories of data and data subject which will be covered by the processing.
How can ProvePrivacy Help?
ProvePrivacy allows RoPA users to add all contracts as part of the Data Sharing Assessment, all of the above clauses are noted within this assessment and if any are identified as absent then a risk will be added to the risk log.